I heard an interesting new slant on the legality of encryption today. I was talking to a colleague who is employed in a law firm here in Germany. It appears that under the current interpretation of German law, communications of a confidential nature (for example, contracts, medical records and so forth) over an insecure network *MUST* be encrypted to protect the Client. It is therefore a breach of German law to send unencypted eMail, unless it can be proved that every stage of the transmission happens over internal (secure?) paths. I will dig further on this - perhaps there is a useful precedent to be established here. At very least we might be able to keep lawers (and doctors) off the net ;-)